lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Nov 2016 17:55:25 +0100
From:   Borislav Petkov <bp@...e.de>
To:     Tony Luck <tony.luck@...il.com>
Cc:     Henrique de Moraes Holschuh <hmh@....eng.br>,
        "Luck, Tony" <tony.luck@...el.com>,
        Andi Kleen <andi@...stfloor.org>,
        Ashok Raj <ashok.raj@...el.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86/mce: Include the PPIN in machine check records
 when it is available

On Wed, Nov 23, 2016 at 08:42:40AM -0800, Tony Luck wrote:
> If the BIOS writes 10b, then PPIN is disabled and will remain so until
> the processor is reset. Bit 1 is a one way trip, it can be set by s/w,
> but not cleared again.

10b means bit 1, i.e., Enable_PPIN is set, right? Which actually
*enables* PPIN. Or am I confused again?

Otherwise, this explains the "Once set" wording - if Enable_PPIN is 1,
there's no changing until next reboot.

> All this is because of the huge stink last time Intel tried to add
> a serial number to CPUs a decade and a half ago.

It certainly rang a bell when you sent v1. :-)

> The lockout bit is so that this can be turned off in a way that you
> can be sure that it can't be turned on again.

... in order to protect ourselves from root doing wrmsr? Or why are we
doing this?

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ